Currently working on using my current HAProxy server as a single outbound IP address. Currently it is only used as an inbound load balancer. I am set up in AWS with three subnets (different AZs), and for those same servers it listens for and balances to, I would like to route traffic back out of the HA server so only a single static IP address would need to be whitelisted.
I have been reading on TPROXY, but would this resolve the NAT needs for outbound traffic? Thanks for any assistance!
Below is my config and I am running HA 1.5.12 -
==============
global
    log 127.0.0.1 local0
    log 127.0.0.1 local1 notice
    #log loghost local0 info
    maxconn 4096
    daemon

defaults
    log global
    option dontlognull
    retries 3
    option redispatch
    maxconn 40096
    timeout connect 5000
    timeout client 240000
    timeout server 240000
    option http-server-close
    option log-health-checks

listen httpproxy 0.0.0.0:80
    mode http
    option forwardfor
    option httplog
    #STATS
    stats enable
    stats hide-version
    stats scope .
    stats uri /haproxyadmin?stats
    stats realm Proxy\ Statistics
    stats auth admin:haproxy!canvas
    #HEALTH CHECKS
    option httpchk GET /someindex.html HTTP/1.1\r\nHost:\ site.site.com
    http-check expect ! rstatus ^5 # Accept all 2XX and 3XX responses; 5XX responses fail the health check.
    default-server inter 3s fall 3 rise 2
    server hostname.com 10.0.1.2:80 check
    server hostname.com 10.0.2.2:80 check
    server hostname.com 10.0.3.2:80 check
    tcp-request content reject if { src -f /etc/haproxy/blocked.lst }

listen httpsproxy 0.0.0.0:443
    mode tcp
    option ssl-hello-chk
    option tcplog
    balance leastconn
    #HEALTH CHECKS
    option httpchk GET /someindex.html HTTP/1.1\r\nHost:\ site.site.com
    http-check expect ! rstatus ^5 # Accept all 2XX and 3XX responses; 5XX responses fail the health check.
    default-server inter 3s fall 3 rise 2
    server hostname.com 10.0.1.2:443 send-proxy check
    server hostname.com 10.0.2.2:443 send-proxy check
    server hostname.com 10.0.3.2:443 send-proxy check
    tcp-request content reject if { src -f /etc/haproxy/blocked.lst }
==============